We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

How can HTTP be Secure?

2»

Comments

  • 12bdebt3
    12bdebt3 Posts: 446 Forumite
    Ninth Anniversary 100 Posts Combo Breaker
    Paul_Varjak wrote: »
    My Bills Online is not just a service for water companies. If someone can grab a couple of bills from different companies, he is well on his way to stealing your identity!

    Bit of a sexist comment not all hackers are male, just the best ones.

    Plus if a hacker really wanted your credentials or your water bill I doubt HTTPS would stop he/she if he/she is good enough at hacking.
  • jaydeeuk1
    jaydeeuk1 Posts: 7,714 Forumite
    Debt-free and Proud!
    To be fair, if they're able to hack the https protocol and encryption algorithm, I'll sure they'll have better and more lucrative targets than some family's water bill website.
  • Paul_Varjak
    Paul_Varjak Posts: 4,627 Forumite
    Part of the Furniture 1,000 Posts Photogenic Combo Breaker
    RobTang wrote: »
    You could spike the original request and redirect in a man in the middle request, your suspectable to it anyway if you dont explictly goto the https address.

    Although My Bills On line does only allow for viewing of bills, there are links on the insecure web page to internet banking for three banks. A Man-in-the-Middle attack could easily redirect those banking links. Users would not receive any certificate error since the My Bills Online page is not secure anyway!
  • RobTang
    RobTang Posts: 1,064 Forumite
    Paul_Varjak wrote: »
    Although My Bills On line does only allow for viewing of bills, there are links on the insecure web page to internet banking for three banks. A Man-in-the-Middle attack could easily redirect those banking links. Users would not receive any certificate error since the My Bills Online page is not secure anyway!

    Personally its irrelevant, if I sit in the middle of your connection I can redirect any address you happen to type in why would I bother to create a fake page which has a link you may or may not click when I Can just re-direct the original url from anywhere.

    You may as well compain all the banks landing pages are http as well which is why some like to use the rapport software.
  • Paul_Varjak
    Paul_Varjak Posts: 4,627 Forumite
    Part of the Furniture 1,000 Posts Photogenic Combo Breaker
    RobTang wrote: »
    You may as well compain all the banks landing pages are http as well which is why some like to use the rapport software.

    The landing pages of banks may well be HTTP but the log-in pages are not. With My Bills Online, the landing page is the log-in page.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.1K Banking & Borrowing
  • 253.6K Reduce Debt & Boost Income
  • 454.3K Spending & Discounts
  • 245.2K Work, Benefits & Business
  • 600.9K Mortgages, Homes & Bills
  • 177.5K Life & Family
  • 259K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture